snakekeylogger | ac377dab041224657325256e5549adf0243175a11b4679386bfc28b8ad9d232d | Triage

Submit
Reports

Overview

overview

Static

static

UPDATED SOA.xlsx

windows7_x64

UPDATED SOA.xlsx

windows10_x64

1

Sharing

General

Target

UPDATED SOA.xlsx
Size

705KB
Sample

210727-5mjeld9d96
MD5

b1403a9cdf7a6c5ec38bc61a8881be15
SHA1

effc46e294614dc6aadc226adbc08b1bca2c141c
SHA256

ac377dab041224657325256e5549adf0243175a11b4679386bfc28b8ad9d232d
SHA512

a2c6127624f1ca9880cce10c222d956f04894e4a724693f69ac788d3471f8cd01522f6a17b89c79f921b83cf0d722ab7a04841f816fca4ad955122627f5d220f

Score

10^/10

snakekeylogger keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

UPDATED SOA.xlsx

Resource

win7v20210408

snakekeylogger keylogger stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

UPDATED SOA.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.privateemail.com
Port:
587
Username:
nnamdi@keithwilliamgroup.com
Password:
)||LHNUQ5wgcszg

Targets

- Target
  
  UPDATED SOA.xlsx
- Size
  
  705KB
- MD5
  
  b1403a9cdf7a6c5ec38bc61a8881be15
- SHA1
  
  effc46e294614dc6aadc226adbc08b1bca2c141c
- SHA256
  
  ac377dab041224657325256e5549adf0243175a11b4679386bfc28b8ad9d232d
- SHA512
  
  a2c6127624f1ca9880cce10c222d956f04894e4a724693f69ac788d3471f8cd01522f6a17b89c79f921b83cf0d722ab7a04841f816fca4ad955122627f5d220f
Score

10^/10

snakekeylogger keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

snakekeyloggerkeyloggerstealer

behavioral2

© 2018-2024

Terms | Privacy